Commit Graph

15010 Commits

Author SHA1 Message Date
Robert Ransom
e70610878a Add 'config-defaults-file' to getinfo_items table
Bugfix on commit 230422b955, not yet in any
release; fixes bug #4605.
2011-11-29 17:13:39 -08:00
Robert Ransom
4150d92eea Set torrc_fname in load_torrc_from_disk
Bugfix on commit 230422b955, not yet in any
release. Fixes bug #4604; reported by koolfy.
2011-11-29 17:11:49 -08:00
Nick Mathewson
8bb23c7def Merge branch 'bug4587_v2' 2011-11-29 19:15:40 -05:00
Nick Mathewson
e27a26d568 Set renegotiation callbacks immediately on tls inititation
This way, we can't miss a renegotiation attempt in a v2 handshake,
or miss excess renegotiation attempts.  Partial fix for bug 4587.
2011-11-29 19:10:19 -05:00
Nick Mathewson
e718397880 Correct manpage entry for DynamicDHGroups 2011-11-29 18:42:49 -05:00
Nick Mathewson
da6c136817 Merge remote-tracking branch 'asn-mytor/bug4548_take2' 2011-11-29 18:30:41 -05:00
Nick Mathewson
83f66db79e Merge branch 'disable_network' 2011-11-29 17:52:23 -05:00
Nick Mathewson
9e8f3ee8e4 Fix some DOCDOCs 2011-11-29 17:52:16 -05:00
Nick Mathewson
8c5a2c5b80 Make sure we never launch an evdns resolve when DisableNetwork is 1 2011-11-29 17:46:54 -05:00
Nick Mathewson
9e25422eed Merge branch 'multilevel_cfg' 2011-11-29 17:38:19 -05:00
Nick Mathewson
aba25a6939 Make pending libevent actions cancelable
This avoids a dangling pointer issue in the 3412 code, and should
fix bug 4599.
2011-11-29 17:08:29 -05:00
Nick Mathewson
116dd4ae4f log a notice when disablenetwork is set 2011-11-28 16:07:13 -05:00
Nick Mathewson
f4d8ed4b28 Manpage for DisableNetwork 2011-11-28 16:01:47 -05:00
Nick Mathewson
df9b76460c New 'DisableNetwork' option to prevent Tor from using the network
Some controllers want this so they can mess with Tor's configuration
for a while via the control port before actually letting Tor out of
the house.

We do this with a new DisableNetwork option, that prevents Tor from
making any outbound connections or binding any non-control
listeners.  Additionally, it shuts down the same functionality as
shuts down when we are hibernating, plus the code that launches
directory downloads.

To make sure I didn't miss anything, I added a clause straight to
connection_connect, so that we won't even try to open an outbound
socket when the network is disabled.  In my testing, I made this an
assert, but since I probably missed something, I've turned it into a
BUG warning for testing.
2011-11-28 15:44:10 -05:00
Nick Mathewson
230422b955 Support for a defaults torrc file.
This will mainly help distributors by giving a way to set system or package
defaults that a user can override, and that a later package can replace.

No promises about the particular future location or semantics for this:
we will probably want to tweak it some before 0.2.3.x-rc

The file is searched for in CONFDIR/torrc-defaults , which can be
overridden with the "--defaults-torrc" option on the command line.
2011-11-27 22:25:52 -05:00
Nick Mathewson
73436a1d6f Add the ability to append and clear linelist options from cmdline
This will be important for getting stuff to work right across zones.
2011-11-27 21:32:51 -05:00
Nick Mathewson
9ce5801e22 Make linelists always overridden by the command line
This starts an effort to refactor torrc handling code to make it easier
to live with.  It makes it possible to override exit policies from the
command line, and possible to override (rather than append to) socksport
lists from the command line.

It'll be necessary to make a "base" torrc implementation work at all.
2011-11-27 18:13:32 -05:00
Robert Ransom
a2791f43f5 Correct documentation comments for fields formerly named accepted_intros 2011-11-27 09:30:16 -08:00
Robert Ransom
256bcb4755 Rename accepted_intros fields 2011-11-27 09:26:48 -08:00
Nick Mathewson
b5a306e82c Merge branch 'safer_params_squashed' 2011-11-27 09:30:13 -05:00
Sebastian Hahn
e5e4bfd167 Implement consensus method 12 (proposal 178) 2011-11-27 09:29:33 -05:00
Nick Mathewson
40a87c4c08 indent; add comment 2011-11-27 09:24:41 -05:00
Nick Mathewson
e665ec6409 Merge remote-tracking branch 'asn/bug4584' 2011-11-27 09:18:55 -05:00
Nick Mathewson
617617e21a Don't schedule excess_renegotiations_callback unless it's set
Partial fix for bug 4587; reported by "frosty_un".
2011-11-27 08:21:59 -05:00
George Kadianakis
efba71b03c Add a changes file. 2011-11-27 09:03:37 +01:00
George Kadianakis
b42ff6545a Use random bytes as our certificate serial numbers.
Instead of using time(NULL) in our certificate serial numbers, use
eight random bytes as suggested in proposal 179.
2011-11-27 08:20:17 +01:00
George Kadianakis
055d6c01ff Write dynamic DH parameters to a file.
Instead of only writing the dynamic DH prime modulus to a file, write
the whole DH parameters set for forward compatibility. At the moment
we only accept '2' as the group generator.

The DH parameters gets stored in base64-ed DER format to the
'dynamic_dh_params' file.
2011-11-26 19:29:57 +01:00
George Kadianakis
f28014bf1a Introduce write_bytes_to_new_file().
Introduce write_bytes_to_new_file(), a function which writes bytes to
a file only if that file did not exist.
2011-11-26 18:56:49 +01:00
George Kadianakis
fa013e1bc5 Normal relays should generate dynamic DH moduli as well. 2011-11-26 05:57:17 +01:00
Roger Dingledine
58d1aa4402 fold in changes files so far 2011-11-25 19:24:42 -05:00
Nick Mathewson
9a88c0cd32 use event_free() wrapper; fix bug 4582 2011-11-25 19:09:48 -05:00
Nick Mathewson
e8dde3aabd Fix some wide lines in tortls.c 2011-11-25 17:22:46 -05:00
Nick Mathewson
633071eb3b Avoid a double-mark in connection_or_close_connection_cb 2011-11-25 17:21:11 -05:00
Nick Mathewson
7920ea55b8 Refactor tor_event_base_once to do what we actually want
This version avoids the timeout system entirely, gives a nicer
interface, and lets us manage allocation explicitly.
2011-11-25 17:18:54 -05:00
Nick Mathewson
e5f2f10844 Merge remote-tracking branch 'asn/bug4312' 2011-11-25 17:00:47 -05:00
Nick Mathewson
b1bd30c24c Make the pt/transports test not crash. 2011-11-25 16:54:06 -05:00
Nick Mathewson
d6c18c5804 Make process_handle_t private and fix some unit tests
Let's *not* expose more cross-platform-compatibility structures, or
expect code to use them right.

Also, don't fclose() stdout_handle and stdin_handle until we do
tor_process_handle_destroy, or we risk a double-fclose.
2011-11-25 16:47:25 -05:00
Nick Mathewson
093e6724c7 Merge remote-tracking branch 'asn/bug3472_act2' 2011-11-25 16:00:31 -05:00
Nick Mathewson
cb8059b42d Merge remote-tracking branch 'sebastian/pure_removal' 2011-11-25 14:54:04 -05:00
George Kadianakis
e3cee8bc2e Simply initialize TLS context if DynamicDHGroups change.
We used to do init_keys() if DynamicDHGroups changed after a HUP, so
that the dynamic DH modulus was stored on the disk. Since we are now
doing dynamic DH modulus storing in crypto.c, we can simply initialize
the TLS context and be good with it.

Introduce a new function router_initialize_tls_context() which
initializes the TLS context and use it appropriately.
2011-11-25 18:15:26 +01:00
Sebastian Hahn
75d8ad7320 Purge ATTR_PURE from the code
We're using it incorrectly in many cases, and it doesn't help as far as
we know.
2011-11-25 17:57:50 +01:00
George Kadianakis
e2a189053d Add a changes file. 2011-11-25 17:44:48 +01:00
George Kadianakis
f477ddcc20 Only bother with dynamic DH moduli if we are a bridge. 2011-11-25 17:44:43 +01:00
George Kadianakis
b31601975b Move DH_GENERATOR to crypto.c. 2011-11-25 17:44:11 +01:00
George Kadianakis
1df6b5a734 Move broken primes to dynamic_dh_modulus.broken. 2011-11-25 17:39:45 +01:00
George Kadianakis
4938bcc06a Do dynamic DH modulus storing in crypto.c. 2011-11-25 17:39:28 +01:00
Nick Mathewson
25c9e3aab9 Merge branch 'more_aes_hackery_rebased'
Conflicts:
	changes/aes_hackery
2011-11-25 10:36:13 -05:00
Nick Mathewson
fbec45c9b4 Make AES unit tests cover the AES and the EVP case. 2011-11-25 10:32:21 -05:00
Nick Mathewson
9814019a54 Use openssl's counter mode implementation when we have 1.0.0 or later
This shaves about 7% off our per-cell AES crypto time for me; the
effect for accelerated AES crypto should be even more, since the AES
calculation itself will make an even smaller portion of the
counter-mode performance.

(We don't want to do this for pre-1.0.0 OpenSSL, since our AES_CTR
implementation was actually faster than OpenSSL's there, by about
10%.)

Fixes issue #4526.
2011-11-25 10:32:21 -05:00
Nick Mathewson
8143074b3f Use EVP for AES only when hardware accel is present
Fixes bug 4525, fix on 0.2.3.8-alpha.
2011-11-25 10:32:00 -05:00